Notice from Authorized.net
Important System Notice Dear Authorize.Net Developer:
During the week of March 16 – 20, 2009, Authorize.Net will be deprecating all legacy support for the SSL 2.0 protocol. Changes have recently been made to the Payment Card Industry Data Security Standard (PCI DSS) which have made the use of SSL 2.0 a PCI DSS violation.
Due to this change, it is critical that you update any applications or integrations that may be using the SSL 2.0 protocol to support the more current SSL 3.0/TLS 1.0 protocols. Failure to upgrade your applications or integrations may result in a lost ability to successfully process transactions via the Authorize.Net Payment Gateway.
If you have merchants who are currently using SSL 2.0 to connect to the Authorize.Net Payment Gateway, you must contact them immediately and arrange to update their integrations to the SSL 3.0/TLS 1.0 protocols.
For more information on the limitations of SSL 2.0 and the advantages of SSL 3.0/TLS 1.0, we recommend reviewing the white paper Analysis of the SSL 3.0 Protocol.
If you have any questions, please contact developer AT authorize DOT net.
Sincerely,
Authorize.Net

PayPal updates:
n September 2009, PayPal will begin upgrading its Payflow gateway service from a single-tier SSL server certificate hierarchy to a new, more secure two-tier hierarchy. All older Payflow integrations must be updated to support the new certificate type. PayPal has released a new Software Development Kit (SDK version 4.3+) for Microsoft .NET and Java; along with a HTTPS interface for all other programming languages. All Payflow Pro integrations will need to be upgraded to this new SDK or the HTTPS interface before September 2009.
Gateway update
You will need to update your web application code before this date or it will stop working
STEP by STEP instructions on how to upgrade
Blog information

Home User Application vulnerabilities
Adobe Reader version 9 and earlier

Level: mid  2/20/09
Adobe Security Bulletin APSB09-01 describes a memory-corruption
vulnerability that affects Adobe Reader and Acrobat. Further
details are available in Vulnerability Note VU#905281. An attacker
could exploit these vulnerabilities by convincing a user to load a
specially crafted Adobe Portable Document Format (PDF) file.
Acrobat integrates with popular web browsers, and visiting a
website is usually sufficient to cause Acrobat to load PDF content.

Notes: A update is expected to be released on March 11th by Adobe. Most Anti-virus applications should pick up the attack.   I confirmed Trend Micro and Symantec has updated their definitions to include this vulnerability.

Alt Fix: Disable Javascript within Adobe reader

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

Internet Explorer version 7

Level: Critical 2/16/09

The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploit Example

Network Tools

Network information:

Disabled Trace & track

Windows:

Find which application pool is using the most cpu/memory

When viewing Windows Task Manager, you may notice that the IIS process (w3wp.exe) is taking a lot of CPU or memory.  The problem is that discovering which web site is causing the high resource utilization is difficult to do.

1. In Windows Task Manager’s Process view, click on View and choose Select Columns
2. Check PID (Process Identifier)
3. Click OK
4. Find the PID of the process using too many resources
5. Open a command prompt
6. Type the following:
   1. cd \Windows\System32
   2. cscript.exe iisapp.vbs